﻿<!--#include file="const.inc"-->
<%
'====================================================================
' 感谢使用晴天3G智能建站系统..
' 作者:梁永强.QQ:766750857
' 官方网址:wap.qt3g.com
' 声明:软件版权归作者所有,没有经过作者本人同意不得非法破解和传播本程序
'====================================================================
%>
<%

' Tell browsers and proxies not to cache this page.
With Response
	.Expires = -1
	.AddHeader "Pragma", "no-cache"
	.AddHeader "Cache-Control", "no-cache, must-revalidate"
End With

' Allow this request to run for up to 3600 seconds.
' NOTE(review): the hour-long limit applies to every request for this page, and the timeout is
' raised before the login check further down; confirm that slow or stalled requests cannot
' tie up worker threads for that long.
Server.ScriptTimeout = 3600
' Choose the markup fragments for the output mode held in v (v is set outside this file).
' The fragment variables (we, we0, sou, dao, zi, zi0, hr) are written around every message below.
select case v
case "0"
' Mode "0": WML output. A card element is opened below and blocks are terminated with <br/>.
' Only we0 is assigned in this branch; we, sou and dao keep whatever value they had before.
we0="<br/>"
%>

<card id="login" title="上传文件"><p align="<%=qingtian.px%>">
<%
case "1"
' Mode "1": HTML output. The fragments become opening div/span tags and we0 closes a div.
hr="<hr>"
zi="<span style=""color:#FF5500"">"
zi0="</span>"
we="<div class=""footer"">"
sou="<div class=""block4"">"
dao="<div class=""navi"">"
we0="</div>"
%>
<title>上传文件</title>
</head>
<body>
<!--#include virtual="/css.inc"-->
<%

End Select

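' ---- Request parameters ----------------------------------------------------------------
' listid, id, reid and pageid come from the query string. Further down they are written into
' href attributes and concatenated into SQL text, so only plain decimal integers are accepted.
' IsNumeric() is too permissive for that purpose: it also accepts notations such as "1e3",
' "&H1F" or "1,000", which are not plain integers once they are pasted into SQL or markup.
dim listid,id,pageid,reid,upid,rs
dim qsDigits

Set qsDigits = New RegExp
qsDigits.Pattern = "^[0-9]{1,9}$"   ' at most 9 digits, so CLng below cannot overflow

' Valid values are kept as canonical digit strings; anything else falls back to the default
' (0 for the identifiers, 1 for the page number), exactly as the IsNumeric version did.
listid = Request.QueryString("listid")
If qsDigits.Test(listid & "") Then listid = CStr(CLng(listid)) Else listid = 0

id = Request.QueryString("id")
If qsDigits.Test(id & "") Then id = CStr(CLng(id)) Else id = 0

reid = Request.QueryString("reid")
If qsDigits.Test(reid & "") Then reid = CStr(CLng(reid)) Else reid = 0

pageid = Request.QueryString("pageid")
If qsDigits.Test(pageid & "") Then pageid = CStr(CLng(pageid)) Else pageid = 1

Set qsDigits = Nothing

' A topic id and a board id are both required; stop the page when either is missing or invalid.
if id=0 or listid=0 then
	%><%=we%><%=qingtian.utf8("请不要非法传递参数")%><%=we0%><%=dao%><a href="index.asp"><%=qingtian.utf8("论坛首页")%></a><br/><%
	response.end
end if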

' Gate 1 - login. sid is set outside this file; the literal string "Null" is treated as "no session"
' and the visitor is sent to the login page with a return URL for the current board.
if sid="Null" then
	%><%=we%><%=qingtian.utf8("你还没登陆,请先登陆。")%><%=we0%><%=sou%>
	<a href="/login.asp?sid=<%=sidd%>&amp;url=/bbs/board.asp?listid=<%=listid%>"><%=qingtian.utf8("马上登陆")%></a><%=we0%>
	<%
' Gate 2 - board permission. qingtian.qx is defined elsewhere; a True result for "nofile" on this
' board is treated as a posting ban and only the error message is shown.
elseif qingtian.qx("nofile", listid)=true then
		%>

		<%=we%><%=qingtian.utf8("出错啦!你已被禁止在本论坛发表帖子,有任何问题请联系管理员!")%><%=we0%>
		<%
else

' Gate 3 - points. qingtian.zfff("zft") returning False is reported as "not enough points to upload".
' NOTE(review): nothing in this file stops execution after qingtian.err; confirm that it ends the
' response, otherwise the upload code below still runs for users who fail this check.
' NOTE(review): this page does not itself check that the topic (id) or reply (reid) belongs to the
' logged-in user; confirm that is enforced elsewhere if attachments must be owner-only.
if qingtian.zfff("zft")=false then
qingtian.err("你的积分不足,系统禁止你上传文件,上传文件最小需要积分"&qingtian.confff("zft")&"")
end if

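	dim sql,filesize,upfile,AllowFileExt,formPath,i,fileExt,uploadsuc,ranNum,filename,upfilesize,UploadPath,FilePath,errs
	dim FsoObj1,Upload,File,FormName,path,FilePath2
	dim dirStamp,dirParts
	errs=false

	' Uploads are stored in <directory of this script>/upload/<year>/<month>/<day>/.
	'   FilePath   - virtual (URL) path of that folder, used with Server.MapPath when saving
	'   path       - physical path of the same folder, used for FileSystemObject calls
	'   UploadPath - path relative to the script directory, stored in the database as the file URL
	' NOTE(review): the folder lives below the script's own directory, so every stored file can be
	' requested directly over HTTP. Script execution should be disabled for the upload folder in the
	' web server configuration, independently of the extension checks further down.
	UploadPath = "upload/"
	FilePath = Request.ServerVariables("SCRIPT_NAME")
	FilePath = Left(FilePath, InStrRev(FilePath, "/"))

	FilePath2 = Server.MapPath(Request.ServerVariables("SCRIPT_NAME"))
	FilePath2 = Left(FilePath2, InStrRev(FilePath2, "\") - 1)
	path = FilePath2 & "/" & UploadPath

	' Read the clock once. The earlier version called Now() separately for the physical and the
	' virtual path at every level, so a request crossing midnight could create one folder and
	' record another.
	dirStamp = Now()
	dirParts = Array(Year(dirStamp), Month(dirStamp), Day(dirStamp))

	' Create the year, month and day folders top-down with a single FileSystemObject.
	' The "upload" folder itself is expected to exist already; it is not created here.
	Set FsoObj1 = Server.CreateObject("Scripting.FileSystemObject")
	For i = 0 To UBound(dirParts)
		path = path & dirParts(i) & "\"
		UploadPath = UploadPath & dirParts(i) & "/"
		If Not FsoObj1.FolderExists(path) Then FsoObj1.CreateFolder path
	Next
	Set FsoObj1 = Nothing

	FilePath = FilePath & UploadPath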

	dim filetype

	' Load the forum-wide upload settings from [qingtian_bbs_config]:
	'   upfile     - compared with True below to decide whether uploading is enabled
	'   upfilesize - size limit; the messages below report it in KB
	'   AllowFileExt - extension list from the [format] column
	'   filetype   - read here but not used again in this file
	' When the table has no row the variables stay Empty, and the "upfile=true" test below
	' then takes the "uploads disabled" branch.
	Sql = "SELECT [upfile],[filesize],[format],[filetype] FROM [qingtian_bbs_config]"
	Set Rs = Server.CreateObject("Adodb.Recordset")
	Rs.Open Sql, conn, 1, 1   ' 1,1 = keyset cursor, read-only lock
	If Not rs.bof Or Not rs.eof Then
		upfile       = rs("upfile")
		upfilesize   = rs("filesize")
		AllowFileExt = rs("format")
		filetype     = rs("filetype")
	End If
	Rs.Close
	Set rs = Nothing


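if upfile=true then

	' Create the upload parser (upfile_class is defined outside this file) and read the request body.
	' The value passed as the limit is upfilesize*1024; the older comment here spoke of a fixed 100M cap,
	' which does not match the code.
	set upload=new upfile_class
	upload.GetData(upfilesize*1024)

	if upload.err > 0 then  ' the parser reported a problem
		select case upload.err
			case 1
				%><%=we%>请先选择你要上传的文件！<%=we0%><%
				errs=true
			case 2
				%><%=we%>你上传的文件总大小超出了最大限制（<%=upfilesize%>KB）<%=we0%><%
				errs=true
			case else
				' Any other parser error must not fall through to the save loop with errs still False.
				%><%=we%><%=qingtian.utf8("上传文件出错!")%><%=we0%><%
				errs=true
		end select

	end if

	' Normalise the configured extension list to a lower-case, comma-separated string so it can be
	' compared with the lower-cased extension of each uploaded file.
	' The earlier version upper-cased the list (so it could never equal a lower-cased extension) and
	' stripped the substring "ASP" before "ASPX", which turned an "ASPX" entry into "X".
	' Executable types are rejected per file in the loop below, so no stripping is needed here.
	' The "" concatenation keeps a Null [format] value from raising an error.
	AllowFileExt = Replace(LCase(AllowFileExt & ""), "|", ",")

' Continue only when no error was flagged above ("flase" was a misspelling of False).
if errs=false then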

		
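' ---- Validate and save each uploaded file -------------------------------------------------
' A file is stored only when its extension is on the configured allowlist AND does not contain
' any entry of the fixed blocklist. Previously EnableUpload started as True and an empty
' extension was accepted, so the allowlist never rejected anything and the blocklist was the
' only check; a blocklist alone cannot enumerate every type the server or a browser will act on.
' NOTE(review): the extension comes from the client-supplied file name and the content is not
' inspected in this loop.
' NOTE(review): filename, upfilename and sizes are overwritten on every iteration, so the code
' after the loop records only the last file of a multi-file request.
dim blockedExts, blkIdx
blockedExts = Array("asp","asa","aspx","exe","bat","dll","cer","cdx","cgi","com","htr","stm","php","jsp","java")
Randomize

for each formName in upload.file
		EnableUpload=false
		set ofile=upload.file(formName)  ' file object for this form field
		upfilename=ofile.FileName
		oFileSize=ofile.filesize
		sizes=cstr(round(oFileSize*1024))
		fileExt=trim(lcase(ofile.FileExt))

		' 1) Allowlist: exact, case-insensitive match against the configured extensions.
		'    A file without an extension never matches and is therefore refused.
		if fileExt<>"" then
			arrUpFileType=split(AllowFileExt,",")
			for i=0 to ubound(arrUpFileType)
				if fileExt=lcase(trim(arrUpFileType(i))) then
					EnableUpload=true
					exit for
				end if
			next
		end if

		' 2) Blocklist (defence in depth): refuse any extension that contains one of these
		'    strings, even if an administrator put it on the allowlist.
		for blkIdx=0 to ubound(blockedExts)
			if InStr(fileExt,blockedExts(blkIdx)) > 0 then EnableUpload=false
		next

		' Report the first problem found. errs is not reset, so once one file fails the
		' remaining files of the request are not saved either.
		if oFileSize=0 then
			%><%=we%>请先选择你要上传的文件！<%=we0%><%
			errs=true
		elseif EnableUpload=false then
			%><%=we%>请选择文件上传！这种文件类型不允许上传:asp|asa|aspx|exe|bat|cer...如果需要上传联系管理员开通(网站基本信息设置)或请先rar（压缩后）再上传<%=we0%><%
			errs=true
		elseif oFileSize>(upfilesize*1024) then
			%><%=we%>文件大小超过了限制，最大只能上传<%=upfilesize%>K的文件！<%=we0%><%
			errs=true
		end if

		if errs<>true then
			' ranNum was declared but never assigned, so two uploads in the same second produced
			' the same name and the second overwrote the first. Rnd is not a cryptographic
			' generator; it only prevents collisions and does not make the name unguessable.
			' NOTE(review): strMonth and strDay are not assigned anywhere in this file; confirm
			' an included file sets them, otherwise they contribute nothing to the name.
			ranNum=Int(900000*Rnd)+100000
			filename=year(now)&strMonth&strDay&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt
			ofile.SaveToFile Server.mappath(FilePath&filename)   ' save under the server-generated name
		end if

		' Release the per-file object (the earlier code cleared an unused variable named file).
		set ofile=nothing
next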
    
	set upload=nothing

	' FileName is non-empty only when the loop above saved a file.
	if FileName<>"" then
		dim upsave

		' Content check for small files: the saved file is read back as text and handed to
		' FindFiles (defined outside this file). The code that follows treats a non-empty
		' return value as a rejection message and removes the upload.
		' NOTE(review): only uploads with sizes<500 are checked; larger files are accepted
		' without this check. sizes is a string built from oFileSize*1024 - confirm the unit
		' and that this comparison is evaluated numerically.
		' NOTE(review): ReadLine drops line breaks, so FindFiles sees the lines joined together.
		if  sizes<500 then
			Dim tempfileOBJ1,txt

			' From here on path names the stored file itself, not just its folder.
			path = path & FileName

			Set FsoObj1 = Server.CreateObject("Scripting.FileSystemObject")
			Set tempfileOBJ1 = FsoObj1.OpenTextFile(path, 1, 0, 0)   ' for reading, do not create, ASCII
			Do Until tempfileOBJ1.AtEndOfStream
				txt = txt & tempfileOBJ1.ReadLine
			Loop
			Set tempfileOBJ1 = Nothing
			Set FsoObj1 = Nothing

			upsave = FindFiles(txt)
		end if

		' The content check raised no objection (or was skipped): record the attachment.
		' NOTE(review): upfilename is the client-supplied file name and is stored as received;
		' any page that displays it has to HTML-encode it.
		' NOTE(review): id and reid reach the second query of each branch by string concatenation,
		' so they must already be plain integers here; prefer a parameterised command if the
		' validation at the top of the page is ever relaxed.
		if upsave=""  then
				if Request.QueryString("action")="rep" then
			' Attachment for a reply: add a row to the reply-file table ...
			Set Rs = Server.CreateObject("Adodb.Recordset")
			Sql = "SELECT [id],[name],[topicid],[reid],[url],[size],[nid] FROM [qingtian_bbs_reforum_file]"
			Rs.Open Sql,conn,1,3   ' 1,3 = keyset cursor, optimistic lock
			With Rs
				.AddNew
				.Fields("name").Value=upfilename
				.Fields("topicid").Value=id
				.Fields("reid").Value=reid
				.Fields("url").Value=UploadPath & FileName
				.Fields("size").Value=sizes
				.Fields("nid").Value=qingtian.nid
				.Update
				upid=.Fields("id").Value
				.Close
			End With
			set rs=nothing
			' ... and mark the reply itself as having an attachment.
			Set Rs = Server.CreateObject("Adodb.Recordset")
			Sql = "SELECT [upfile] FROM [qingtian_bbs_reforum] where [id]="&reid&""
			Rs.Open Sql,conn,1,3
			With Rs
				If Not .BOF Or Not .EOF Then
					.Fields("upfile").Value=true
					.Update
				End If
				.Close
			End With
			set rs=nothing

		%>
		<%=we%><%=qingtian.utf8("上传成功!")%><%=we0%>
		<%
		else

			' Attachment for a topic: add a row to the topic-file table ...
			Set Rs = Server.CreateObject("Adodb.Recordset")
			Sql = "SELECT [id],[name],[topicid],[url],[size],[nid] FROM   [qingtian_bbs_forum_file]"
			Rs.Open Sql,conn,1,3
			With Rs
				.AddNew
				.Fields("name").Value=upfilename
				.Fields("topicid").Value=id
				.Fields("url").Value=UploadPath & FileName
				.Fields("size").Value=sizes
				.Fields("nid").Value=qingtian.nid
				.Update
				upid=.Fields("id").Value
				.Close
			End With
			set rs=nothing
			' ... and mark the topic itself as having an attachment.
			Set Rs = Server.CreateObject("Adodb.Recordset")
			Sql = "SELECT [upfile] FROM [qingtian_bbs_forum] where [id]="&id&""
			Rs.Open Sql,conn,1,3
			With Rs
				If Not .BOF Or Not .EOF Then
					.Fields("upfile").Value=true
					.Update
				End If
				.Close
			End With
			set rs=nothing


		%>
		<%=we%><%=qingtian.utf8("上传成功!")%><%=we0%>
		<%
		end if
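		else
			' The content check returned a message: take the file out of the upload folder and
			' show that message instead of recording an attachment.
			dim bakPath
			Set FsoObj=Server.CreateObject("Scripting.FileSystemObject")
			IF FsoObj.FileExists(path) then
				bakPath=Replace(path,"upload","bakupload")
				' Keep a copy only when the backup folder already exists. CopyFile raises an error
				' when the destination folder is missing, and that error used to stop the script
				' before the delete below, leaving the rejected file in the upload folder.
				' NOTE(review): Replace substitutes every occurrence of "upload" in the physical
				' path, not only the upload folder name; confirm the resulting location.
				' NOTE(review): the copy keeps rejected content on disk; make sure the bakupload
				' folder is not served by the web server.
				if FsoObj.FolderExists(FsoObj.GetParentFolderName(bakPath)) then
					FsoObj.CopyFile path,bakPath
				end if
				FsoObj.DeleteFile path
			end if
			Set FsoObj=Nothing

			' NOTE(review): the upsave text is written to the page as returned by FindFiles
			' (defined outside this file); confirm it never echoes uploaded content unencoded.
			%><%=upsave%><%
		end if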
	' The save loop produced no file name: report a generic upload error.
	else
		%><%=we%><%=qingtian.utf8("上传文件出错!")%><%=we0%><%
	end  if
' End of the block that runs only when no upload error was flagged.
end if	

	' Uploading is switched off in the forum configuration (upfile is not True).
	else%>
	<%=we%><%=qingtian.utf8("系统禁止上传文件!")%><%=we0%>
	<%end if%>
<%end if%>
			<%=sou%><a href="viewv.asp?listid=<%=listid%>&amp;id=<%=id%>&amp;pageidid=<%=pageid%>&amp;sid=<%=sidd%>"><%=qingtian.utf8("返回帖子")%></a><br/><a href="board.asp?listid=<%=listid%>&amp;pageid=<%=pageid%>&amp;sid=<%=sidd%>"><%=qingtian.utf8("返回帖子列表")%></a><%=we0%>
			
<%
' NOTE(review): the navigation links written just above put listid, id, pageid and sidd into href
' attributes without Server.HTMLEncode; that is safe only while those values stay strictly numeric
' or otherwise trusted.
' NOTE(review): sidd is sent as the sid query parameter and looks like a session identifier; values
' carried in URLs end up in server logs and Referer headers - confirm this is acceptable.
' NOTE(review): the first link uses the parameter name "pageidid" while the second uses "pageid";
' confirm which name viewv.asp expects.
' NOTE(review): no matching Function statement is visible in this file; confirm that an included
' file opens it, otherwise the next line is a syntax error.
end Function 
%>
